326
C
7: C
HAPTER
ONFIGURING
A
, A
UTHENTICATION
UTHORIZATION
Authentication Algorithm
MSS can try more than one of the authentication types described in
"Authentication Types" to authenticate a user. MSS tries 802.1X first. If
the user's NIC supports 802.1X but fails authentication, MSS denies
access. Otherwise, MSS tries MAC authentication next. If MAC
authentication is successful, MSS grants access to the user. Otherwise,
MSS tries the fallthru authentication type specified for the SSID or wired
authentication port. The fallthru authentication type can be one of the
following:
Web
Last-resort
None
Web and last-resort are described in "Authentication Types". None
means the user is automatically denied access. The fallthru authentication
type for wireless access is associated with the SSID (through a service
profile). The fallthru authentication type for wired authentication access is
specified with the wired authentication port. (For information about
service profiles, see "Configuring a Service Profile" on page 257. For
information about wired authentication port configuration, see
"Configuring Wired Authentication Ports" on page 229.)
Figure 13 shows how MSS tries the authentication types.
,
A
P
AND
CCOUNTING
ARAMETERS